Apache

Inlong

32 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
9.1

CVE-2023-31065

  • EPSS 0.17%
  • Veröffentlicht 22.05.2023 16:15:10
  • Zuletzt bearbeitet 21.11.2024 08:01:20

Insufficient Session Expiration vulnerability in Apache Software Foundation Apache InLong.This issue affects Apache InLong: from 1.4.0 through 1.6.0.  An old session can be used by an attacker even after the user has been deleted or the password ha...

7.5

CVE-2023-31064

  • EPSS 0.19%
  • Veröffentlicht 22.05.2023 16:15:09
  • Zuletzt bearbeitet 21.11.2024 08:01:20

Files or Directories Accessible to External Parties vulnerability in Apache Software Foundation Apache InLong.This issue affects Apache InLong: from 1.2.0 through 1.6.0. the user in InLong could cancel an application that doesn't belongs to it. Users...

9.8

CVE-2023-31062

  • EPSS 0.17%
  • Veröffentlicht 22.05.2023 16:15:09
  • Zuletzt bearbeitet 21.11.2024 08:01:20

Improper Privilege Management Vulnerabilities in Apache Software Foundation Apache InLong.This issue affects Apache InLong: from 1.2.0 through 1.6.0.  When the attacker has access to a valid (but unprivileged) account, the exploit can be executed usi...

7.5

CVE-2023-31454

  • EPSS 0.14%
  • Veröffentlicht 22.05.2023 14:15:09
  • Zuletzt bearbeitet 21.11.2024 08:01:53

Incorrect Permission Assignment for Critical Resource Vulnerability in Apache Software Foundation Apache InLong.This issue affects Apache InLong: from 1.2.0 through 1.6.0.  The attacker can bind any cluster, even if he is not the cluster owner. User...

7.5

CVE-2023-31453

  • EPSS 0.18%
  • Veröffentlicht 22.05.2023 14:15:09
  • Zuletzt bearbeitet 21.11.2024 08:01:53

Incorrect Permission Assignment for Critical Resource Vulnerability in Apache Software Foundation Apache InLong.This issue affects Apache InLong: from 1.2.0 through 1.6.0. The attacker can delete others' subscriptions, even if they are not the owner ...

7.5

CVE-2023-31206

  • EPSS 0.15%
  • Veröffentlicht 22.05.2023 14:15:09
  • Zuletzt bearbeitet 21.11.2024 08:01:37

Exposure of Resource to Wrong Sphere Vulnerability in Apache Software Foundation Apache InLong.This issue affects Apache InLong: from 1.4.0 through 1.6.0. Attackers can change the immutable name and type of nodes of InLong. Users are advised to upgra...

7.5

CVE-2023-31058

  • EPSS 0.16%
  • Veröffentlicht 22.05.2023 13:15:09
  • Zuletzt bearbeitet 21.11.2024 08:01:19

Deserialization of Untrusted Data Vulnerability in Apache Software Foundation Apache InLong.This issue affects Apache InLong: from 1.4.0 through 1.6.0. Attackers would bypass the 'autoDeserialize' option filtering by adding blanks. Users are advised...

5.3

CVE-2023-30465

  • EPSS 0.11%
  • Veröffentlicht 11.04.2023 15:15:10
  • Zuletzt bearbeitet 13.02.2025 17:16:24

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Apache Software Foundation Apache InLong.This issue affects Apache InLong: from 1.4.0 through 1.5.0. By manipulating the "orderType" parameter and t...

8.8

CVE-2023-27296

  • EPSS 0.2%
  • Veröffentlicht 27.03.2023 15:15:08
  • Zuletzt bearbeitet 21.11.2024 07:52:36

Deserialization of Untrusted Data vulnerability in Apache Software Foundation Apache InLong. It could be triggered by authenticated users of InLong, you could refer to [1] to know more about this vulnerability. This issue affects Apache InLong: fro...

9.8

CVE-2023-24997

  • EPSS 0.2%
  • Veröffentlicht 01.02.2023 15:15:08
  • Zuletzt bearbeitet 26.03.2025 15:15:47

Deserialization of Untrusted Data vulnerability in Apache Software Foundation Apache InLong.This issue affects Apache InLong: from 1.1.0 through 1.5.0. Users are advised to upgrade to Apache InLong's latest version or cherry-pick https://github.com/...